← Back

Mobility

mobility

Vendor: Netmotionsoftware • 2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2021-40067
1Netmotionsoftware
1Mobility
Nov 21, 2024
Sep 16, 2021
N/A· v4
6.8 MEDIUM· v3
4.9 MEDIUM· v2
The access controls on the Mobility read-write API improperly validate user access permissions; this API is disabled by default. If the API is manually enabled, attackers with both network access to the API and valid cre...Show more
The access controls on the Mobility read-write API improperly validate user access permissions; this API is disabled by default. If the API is manually enabled, attackers with both network access to the API and valid credentials can read and write data to it; regardless of access control group membership settings. This vulnerability is fixed in Mobility v12.14.Show less
CVE-2021-40066
1Netmotionsoftware
1Mobility
Nov 21, 2024
Sep 16, 2021
N/A· v4
5.3 MEDIUM· v3
3.5 LOW· v2
The access controls on the Mobility read-only API improperly validate user access permissions. Attackers with both network access to the API and valid credentials can read data from it; regardless of access control group...Show more
The access controls on the Mobility read-only API improperly validate user access permissions. Attackers with both network access to the API and valid credentials can read data from it; regardless of access control group membership settings. This vulnerability is fixed in Mobility v11.76 and Mobility v12.14.Show less